Problem with XP Pro SP2

cohen

cohen

New Member
Hey Guys,

For the past week or so i get this data excurcusion and it closes explorer.....

Now it has been doing it today about 3 to 4 times.....

Next time it comes up i will post a pic...

What could it be???

Would you like me to post a hijackthis log???

My virus software is AVG 8.0

Thanks,

Cohen
 
~bump~

Hasn't done it since i posted this thread.....

also... in some programs it doesn't load properly and you don't see anything and then i minimize it and then i see everything... like in word.... you don't see the top part then i minimize and see everything.... i have updated my video card driver and uninstalled it.... what else should i do???
 
New Problem!

I have found that i think i may have a virus within 1 min the explorer.exe had to close due to an error twice!

Here is a HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:37 PM, on 6/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\RemoteObserverClient\roclient.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\LocalCooling\localcooling.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SightSpeed\SightSpeed.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.3:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LocalCooling] "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WinFlip] C:\Program Files\WinFlip\WinFlip.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199682323640
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: roclient - Unknown owner - C:\Program Files\RemoteObserverClient\roclient.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe

--
End of file - 14710 bytes

It doesn't look so good.... :o
 
Actually the log is clean. Many processes but no problems appear in the log...
We could look deeper, of course.
Could you download and run ComboFix?

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Here is a combo fix log:

ComboFix 08-06-01.6 - VK3FCLL 2008-06-06 19:11:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.521 [GMT 10:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-06 17:05 . 2008-06-06 17:05 <DIR> d-------- C:\Documents and Settings\VK3FCLL\dwhelper
2008-06-01 16:56 . 2008-06-01 16:56 <DIR> d-------- C:\Program Files\RemoteObserverClient
2008-06-01 16:56 . 2008-06-01 16:56 <DIR> d-------- C:\Program Files\RemoteObserver
2008-05-28 18:56 . 2008-05-28 18:56 <DIR> d-------- C:\Program Files\Wondershare
2008-05-28 18:56 . 2008-05-28 18:58 <DIR> d-------- C:\Documents and Settings\VK3FCLL\Application Data\DemoCreator
2008-05-26 06:55 . 2008-05-26 06:55 <DIR> d-------- C:\Program Files\Cornera
2008-05-25 17:08 . 2008-05-25 17:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-05-25 17:01 . 2008-05-25 17:04 <DIR> d-------- C:\WINDOWS\nview
2008-05-25 17:01 . 2008-06-06 19:22 81,496 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-25 17:01 . 2006-10-31 08:35 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-21 16:27 . 2008-05-21 16:27 405,504 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-05-21 16:05 . 2006-03-20 09:47 5,781 --a------ C:\WINDOWS\system32\Ludap17.ini
2008-05-21 16:05 . 2005-03-08 14:14 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-05-18 21:40 . 2008-05-18 21:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-14 16:55 . 2008-05-14 16:56 <DIR> d-------- C:\Program Files\CCleaner
2008-05-13 21:38 . 2008-05-13 21:38 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-13 21:38 . 2008-05-13 21:38 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-05-12 20:10 . 2008-05-12 20:10 <DIR> d-------- C:\Program Files\Common Files\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 09:22 --------- d-----w C:\Program Files\WinFlip
2008-06-06 08:53 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\Skype
2008-06-06 06:04 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\skypePM
2008-06-06 05:44 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\MailWasherPro
2008-06-04 20:56 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\LimeWire
2008-06-03 06:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-31 06:39 --------- d-----w C:\Program Files\Xilisoft
2008-05-29 07:55 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\AVGTOOLBAR
2008-05-24 21:24 --------- d-----w C:\Program Files\Windows Live
2008-05-21 06:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 06:27 --------- d-----w C:\Program Files\Creative
2008-05-14 07:13 --------- d-----w C:\Program Files\Yahoo!
2008-05-12 10:11 --------- d-----w C:\Program Files\Macromedia
2008-05-07 11:44 --------- d-----w C:\Program Files\SightSpeed
2008-05-06 06:01 16,512 ----a-w C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-05-05 08:51 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\Audacity
2008-05-01 09:32 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-30 08:24 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-04-29 20:50 --------- d-----w C:\Program Files\Free DVD Ripper
2008-04-28 06:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-04-27 00:03 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 04:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-25 08:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-25 06:11 --------- d-----w C:\Program Files\XoftSpySE
2008-04-24 21:51 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\RCP 5
2008-04-24 11:54 --------- d-----w C:\Program Files\ReaConverter 5.5 Pro
2008-04-24 07:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-24 07:25 --------- d-----w C:\Program Files\AVG
2008-04-23 09:08 --------- d-----w C:\Program Files\Scanitto
2008-04-23 09:08 --------- d-----w C:\Program Files\BlindScanner Pro
2008-04-22 06:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-19 09:55 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\Apple Computer
2008-04-19 09:40 --------- d-----w C:\Program Files\Safari
2008-04-19 09:40 --------- d-----w C:\Program Files\Bonjour
2008-04-19 09:39 --------- d-----w C:\Program Files\Apple Software Update
2008-04-09 11:25 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\Ahead
2008-04-07 03:15 --------- d-----w C:\Program Files\K1RFD
2008-04-06 21:30 --------- d-----w C:\Documents and Settings\VK3FCLL\Application Data\Desktop Sidebar
2008-04-06 21:28 --------- d-----w C:\Program Files\iTunes
2008-04-06 21:28 --------- d-----w C:\Program Files\iPod
2008-04-06 21:27 --------- d-----w C:\Program Files\QuickTime
2008-03-28 04:25 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-03-23 00:02 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-03-22 20:47 482 ----a-w C:\Program Files\CamStudio.lnk
2008-01-07 22:20 24,192 ----a-w C:\Documents and Settings\VK3FCLL\usbsermptxp.sys
2008-01-07 22:20 22,768 ----a-w C:\Documents and Settings\VK3FCLL\usbsermpt.sys
.

------- Sigcheck -------

2008-03-07 15:21 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-27 10:03 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-27 10:03 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-27 10:03 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 19:06 1667584]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-01 18:19 495616]
"WinFlip"="C:\Program Files\WinFlip\WinFlip.exe" [2007-10-25 01:12 462848]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 11:17 27136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"SightSpeed"="C:\Program Files\SightSpeed\SightSpeed.exe" [2008-01-05 06:56 3637760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 17:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 20:04 2879488 C:\WINDOWS\SkyTel.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 11:48 275800]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-06 09:38 707360]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55 54832]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 14:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 14:55 1057328]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-05 05:59 45056]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 15:40 1884160]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2006-12-01 17:09 2056875]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-27 10:03 1177368]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"P17Helper"="P17.dll" [2006-03-17 16:11 81408 C:\WINDOWS\system32\P17.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 08:35 7634944]
"nwiz"="nwiz.exe" [2006-10-31 08:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 08:35 86016]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2007-12-27 12:28:23 5661184]
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 14:37:44 338216]

C:\Documents and Settings\VK3FCLL\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2007-12-27 12:28:23 5661184]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 17:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20685:TCP"= 20685:TCP:BitComet 20685 TCP
"20685:UDP"= 20685:UDP:BitComet 20685 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"11961:TCP"= 11961:TCP:BitCometBeta 11961 TCP
"11961:UDP"= 11961:UDP:BitCometBeta 11961 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-27 10:03]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-27 10:03]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 14:09]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 08:13]
R2 roclient;roclient;C:\Program Files\RemoteObserverClient\roclient.exe [2008-06-01 16:56]
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\VK3FCLL\LOCALS~1\Temp\ALSysIO.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2008-05-06 16:01]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 12:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\

.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 10:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 09:21:20 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-11 18:15:42 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 19:21:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-06-06 19:56:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 09:55:02

Pre-Run: 105,326,780,416 bytes free
Post-Run: 105,866,022,912 bytes free

245
 
No luck here . In fact you could say it's a luck, but no viruses, meaning I can't help.
Your problem's probably due to some Windows file error.
Did you try:
Checking your disk for problems (chkdsk command)
Fixing Windows ( Windows Repair )
I guess you could also download explorer.exe from the internet and switch the one from your System32 folder with that one. Maybe that would do it, but I doubt it since there is a backup in Windows anyway...

Here I found some link, maybe it helps: Download the Windows XP patch to fix the explorer.exe problem.
 
Last edited:
Well it was just annoying me and then a dr watson thing popped up so i did a few things... but the last 15 mins it hasn't done it.... i'll see how it goes over the weekend...

thanks anyway
 
You must log in or register to reply here.
Back
Top